Question : EAP rejects Wireless user when using NPS as a RADIUS Server in an Active Directory Environment
I am trying to get NPS (running Windows Server 2008 R2) set up as a RADIUS server to authenticate my wireless clients (running Windows 7 Enterprise). When attempting this, I get the following in the event log on the DC/NPS:
- System
  - Provider
      [ Name] Schannel
      [ Guid] {1F678132-5938-4686-9FDC-C8FF68F15C85}
    EventID 36888
    Version 0
    Level 2
    Task 0
    Opcode 0
    Keywords 0x8000000000000000
  - TimeCreated
      [ SystemTime] 2009-08-17T20:27:15.913829000Z
    EventRecordID 136791
    Correlation
  - Execution
      [ ProcessID] 540
      [ ThreadID] 1748
    Channel System
    Computer DOMAINCONTROLLER.domain
  - Security
      [ UserID] S-1-5-18
- EventData
    AlertDesc 20
    ErrorState 960
And the following in the NPS log:
"DOMAINCONTROLLER","IAS",08/18/2009,09:13:28,1,"DOMAIN\USER","DOMAIN\user","001c1011af08","001bfcb1bd23",,,"001c1011af08","WAP IP",47,0,"WAP IP","WAP Hostname",,,19,,,,11,"Secure Wireless Connections",0,"311 1 DOMAINCONTROLLERIP 08/17/2009 16:55:48 120",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Secure Wireless Connections",1,,,,
"DOMAINCONTROLLER","IAS",08/18/2009,09:13:28,3,,"DOMAIN\user",,,,,,,,0,"WAP IP","WAP Hostname",,,,,,,11,"Secure Wireless Connections",23,"311 1 DOMAINCONTROLLERIP 08/17/2009 16:55:48 120",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Secure Wireless Connections",1,,,,
And the following in the client security log:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 8/18/2009 9:13:28 AM
Event ID: 5632
Task Category: Other Logon/Logoff Events
Level: Information
Keywords: Audit Failure
User: N/A
Computer: LAPTOP.domain
Description: A request was made to authenticate to a wireless network.
Subject:
    Security ID: DOMAIN\user
    Account Name: user
    Account Domain: DOMAIN
    Logon ID: 0x23e79
Network Information:
    Name (SSID): DOMAIN-wlan
    Interface GUID: {90952a3d-ac07-4f0d-9598-50afdea22da8}
    Local MAC Address: 00:1B:FC:B1:BD:23
    Peer MAC Address: 00:1C:10:11:AF:08
Additional Information:
    Reason Code: Explicit Eap failure received (0x50005)
    Error Code: 0x0
    EAP Reason Code: 0x0
    EAP Root Cause String:
    EAP Error Code: 0x0
The client is receiving the root certificate that has an intended purpose of according to the certificate MMC snap-in. Is there some other kind of certificate I need to issue, and if so, how? Also, if I'm reading the NPS log correctly I'm getting authentication type 11 and Result Code 23 neither of which show up in http://technet.microsoft.com/en-us/library/cc771748%28WS.10%29.aspx.
Very confused.
Answer : EAP rejects Wireless user when using NPS as a RADIUS Server in an Active Directory Environment
Actually, we ended up doing machine authentication, but the problem itself required a call to Microsoft and ended up being a certificate issue - even though a root certificate had for its purpose we had to create a RAS certificate on the Certificate Authority. Even after we did that, though, we ran into problems; it took Microsoft a couple days to figure everything out, probably because 2K8 R2 and Win7 are so new.
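
Added example, not part of the original question or answer: a Python sketch that reads NPS database-compatible (IAS) log records like the two quoted in the question, names the first 27 columns, and joins each Access-Reject to its Access-Request through the shared Class value so the client MAC can be recovered. The column order and the small Authentication-Type and Reason-Code lookups are assumptions based on Microsoft's NPS/IAS log references; the sample records are the question's own with trailing empty columns trimmed.

```python
import csv
import io

# First 27 columns of the NPS database-compatible log format (assumed order).
FIELDS = [
    "ComputerName", "ServiceName", "Record-Date", "Record-Time", "Packet-Type",
    "User-Name", "Fully-Qualified-Distinguished-Name", "Called-Station-ID",
    "Calling-Station-ID", "Callback-Number", "Framed-IP-Address",
    "NAS-Identifier", "NAS-IP-Address", "NAS-Port", "Client-Vendor",
    "Client-IP-Address", "Client-Friendly-Name", "Event-Timestamp",
    "Port-Limit", "NAS-Port-Type", "Connect-Info", "Framed-Protocol",
    "Service-Type", "Authentication-Type", "Policy-Name", "Reason-Code", "Class",
]
PACKET_TYPES = {"1": "Access-Request", "2": "Access-Accept",
                "3": "Access-Reject", "11": "Access-Challenge"}
# Partial lookups (assumption: values from Microsoft's IAS/NPS references).
AUTH_TYPES = {"4": "MS-CHAP v2", "5": "EAP", "11": "PEAP"}
REASON_CODES = {"0": "success", "23": "error during NPS use of EAP"}

# The two records quoted in the question, trailing empty columns trimmed.
SAMPLE = r'''
"DOMAINCONTROLLER","IAS",08/18/2009,09:13:28,1,"DOMAIN\USER","DOMAIN\user","001c1011af08","001bfcb1bd23",,,"001c1011af08","WAP IP",47,0,"WAP IP","WAP Hostname",,,19,,,,11,"Secure Wireless Connections",0,"311 1 DOMAINCONTROLLERIP 08/17/2009 16:55:48 120"
"DOMAINCONTROLLER","IAS",08/18/2009,09:13:28,3,,"DOMAIN\user",,,,,,,,0,"WAP IP","WAP Hostname",,,,,,,11,"Secure Wireless Connections",23,"311 1 DOMAINCONTROLLERIP 08/17/2009 16:55:48 120"
'''

def parse(text):
    # One dict per record; blank or short lines are skipped.
    rows = csv.reader(io.StringIO(text))
    return [dict(zip(FIELDS, r)) for r in rows if len(r) >= len(FIELDS)]

def rejects(text):
    """Summarise each Access-Reject, joined to its request via Class."""
    records = parse(text)
    requests = {r["Class"]: r for r in records if r["Packet-Type"] == "1"}
    out = []
    for r in records:
        if PACKET_TYPES.get(r["Packet-Type"]) != "Access-Reject":
            continue
        auth, code = r["Authentication-Type"], r["Reason-Code"]
        out.append({
            "user": r["Fully-Qualified-Distinguished-Name"],
            "policy": r["Policy-Name"],
            "auth_type": AUTH_TYPES.get(auth, "unknown (%s)" % auth),
            "reason": "%s: %s" % (code, REASON_CODES.get(code, "not in table")),
            "client_mac": requests.get(r["Class"], {}).get("Calling-Station-ID", ""),
        })
    return out

if __name__ == "__main__":
    print(rejects(SAMPLE))
```
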